View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 10
IDProjectCategoryView StatusDate SubmittedLast Update
10625Bug reportsSurvey editingpublic2016-02-29 13:422016-03-07 11:45
Reporterresqonline Assigned Toollehar  
PrioritynormalSeverityminor 
Status closedResolutionno change required 
Product Version2.50.x 
Fixed in Version2.50.x 
Summary10625: CSS not loading
Description

Both admin and public sites have no CSS loading.

I had issues with file restrictions before and wondering if maybe a folder or a file needs other access rights for the CSS to load correctly both in admin and public site?

TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build)160206
I will donate to the project if issue is resolvedNo
Browserall
Database type & version5.6.27
Server OS (if known)Linux
Webserver software & version (if known)Apache
PHP Version5.5.31

Users monitoring this issue

There are no users monitoring this issue.

Activities

resqonline

resqonline

2016-02-29 13:50

reporter   ~35781

Ok, found the issue: apparently 776 is not working, but 775 is.

You can close this topic :-)
DenisChenu

DenisChenu

2016-03-01 11:19

developer   ~35810

What is 776 ? And 775 ?
ollehar

ollehar

2016-03-01 11:37

administrator   ~35812

Permission settings.
jbeima

jbeima

2016-03-04 06:44

reporter   ~35942

Last edited: 2016-03-04 06:47

I believe even those permissions are wrong.

These are PHP pages, like HTML pages that are interpreted by Apacge not run as shell scripts. That would be a security vulnerability.

Files should be 644 if Apache is being suexeced to run as the user, 664 if Apache enters the docroot with group access to 666 if Apache comes in as other (very dangerious).

Just like the directors should be set to 755, or 775, or God forbid 777.

Files should never have the execute bit set, unless they run as shell scripts.

For those who don't know how to derive these numbers:

4: Read / 2: Write / 1: Execute - Simply add up what you want.

Just my 2 cents!
jbeima

jbeima

2016-03-04 06:50

reporter   ~35943

Last edited: 2016-03-04 06:50

If the fix of 775 over 776 fixed the loading of CSS files it would be because of the pemission on a directory, not on a file.

This would mean Apache is entering the directory with the security of "Other User" and switching 6 to 5 turns off write ability to Other and adds the execute ability on that directory. Which is what is needed to look into a directory for a file.
DenisChenu

DenisChenu

2016-03-04 08:33

developer   ~35948

For limesurvey :

  • ./tmp/ must be rwx for the web_user
  • ./upload/ must be rwx by the web_user

Files and directory created in this dir :
. Files in this dir must be rw by the web_user
, directory created in this dir must be rwx by the web_user

For all other file (excepet when installing for config.php) must be readable (r) by web_user, directory mustr be readable and executabe (rx)

ADter : in tmp : we don't put php file if i don't make error. ANd we don't choose if it's executable : the web server do it, not LimeSUrvey.
c_schmitz

c_schmitz

2016-03-07 11:45

administrator   ~36018

Version 2.60 Build 150307 released

Issue History

Date Modified Username Field Change
2016-02-29 13:42 resqonline New Issue
2016-02-29 13:50 resqonline Note Added: 35781
2016-02-29 14:35 ollehar Status new => resolved
2016-02-29 14:35 ollehar Fixed in Version => 2.5
2016-02-29 14:35 ollehar Resolution open => no change required
2016-02-29 14:35 ollehar Assigned To => ollehar
2016-03-01 11:19 DenisChenu Note Added: 35810
2016-03-01 11:37 ollehar Note Added: 35812
2016-03-04 06:44 jbeima Note Added: 35942
2016-03-04 06:47 jbeima Note Edited: 35942
2016-03-04 06:50 jbeima Note Added: 35943
2016-03-04 06:50 jbeima Note Edited: 35943
2016-03-04 08:33 DenisChenu Note Added: 35948
2016-03-07 11:45 c_schmitz Note Added: 36018
2016-03-07 11:45 c_schmitz Status resolved => closed
2019-11-01 17:25 c_schmitz Category Survey design => Survey editing